cve/2020/CVE-2020-8893.md

CVE-2020-8893

Description

An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.

POC

Reference

• https://zigrin.com/advisories/misp-bruteforce-protection-not-working-in-very-specific-environments/
• https://zigrin.com/advisories/misp-bruteforce-protection-not-working-in-very-specific-environments/
• https://zigrin.com/advisories/misp-reflected-xss-in-galaxy-view/
• https://zigrin.com/advisories/misp-reflected-xss-in-galaxy-view/

Github

• https://github.com/dawid-czarnecki/public-vulnerabilities